All the vulnerabilities related to Wikimedia Foundation - MediaWiki
cve-2013-6455
Vulnerability from cvelistv5
Published
2020-01-28 14:54
Modified
2024-08-06 17:39
Summary
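The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page.
Note: the record's problem type is given as "Path Disclosure", but the description is of username disclosure (an information exposure); rely on the description when classifying this entry.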
References
▼ | URL | Tags |
---|---|---|
http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Wikimedia Foundation | MediaWiki |
Version: before 1.19.10 Version: 1.2x before 1.21.4 Version: 1.22.x before 1.22.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:39:01.461Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MediaWiki", "vendor": "Wikimedia Foundation", "versions": [ { "status": "affected", "version": "before 1.19.10" }, { "status": "affected", "version": "1.2x before 1.21.4" }, { "status": "affected", "version": "1.22.x before 1.22.1" } ] } ], "datePublic": "2014-01-14T00:00:00", "descriptions": [ { "lang": "en", "value": "The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page." } ], "problemTypes": [ { "descriptions": [ { "description": "Path Disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-28T14:54:22", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-6455", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MediaWiki", "version": { "version_data": [ { "version_value": "before 1.19.10" }, { "version_value": "1.2x before 1.21.4" }, { "version_value": "1.22.x before 1.22.1" } ] } } ] }, "vendor_name": "Wikimedia Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Path Disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html", "refsource": "MISC", "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-6455", "datePublished": "2020-01-28T14:54:22", "dateReserved": "2013-11-04T00:00:00", "dateUpdated": "2024-08-06T17:39:01.461Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-4303
Vulnerability from cvelistv5
Published
2019-12-11 18:30
Modified
2024-08-06 16:38
Summary
includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php.
References
▼ | URL | Tags |
---|---|---|
http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html | x_refsource_MISC | |
http://seclists.org/oss-sec/2013/q3/553 | x_refsource_MISC | |
https://bugzilla.wikimedia.org/show_bug.cgi?id=52746 | x_refsource_MISC | |
http://www.securityfocus.com/bid/62194 | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/86897 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Wikimedia Foundation | MediaWiki |
Version: 1.19.x before 1.19.8 Version: 1.20.x before 1.20.7 Version: and 1.21.x before 1.21.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:38:01.957Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://seclists.org/oss-sec/2013/q3/553" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=52746" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securityfocus.com/bid/62194" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86897" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MediaWiki", "vendor": "Wikimedia Foundation", "versions": [ { "status": "affected", "version": "1.19.x before 1.19.8" }, { "status": "affected", "version": "1.20.x before 1.20.7" }, { "status": "affected", "version": "and 1.21.x before 1.21.2" } ] } ], "datePublic": "2013-09-03T00:00:00", "descriptions": [ { "lang": "en", "value": "includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of \".\" (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-12-11T18:30:37", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://seclists.org/oss-sec/2013/q3/553" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=52746" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securityfocus.com/bid/62194" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86897" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4303", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MediaWiki", "version": { "version_data": [ { "version_value": "1.19.x before 1.19.8" }, { "version_value": "1.20.x before 1.20.7" }, { "version_value": "and 1.21.x before 1.21.2" } ] } } ] }, "vendor_name": "Wikimedia Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of \".\" (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html", "refsource": "MISC", "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html" }, { "name": "http://seclists.org/oss-sec/2013/q3/553", "refsource": "MISC", "url": "http://seclists.org/oss-sec/2013/q3/553" }, { "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=52746", "refsource": "MISC", "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=52746" }, { "name": "http://www.securityfocus.com/bid/62194", "refsource": "MISC", "url": "http://www.securityfocus.com/bid/62194" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86897", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86897" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4303", "datePublished": "2019-12-11T18:30:37", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:38:01.957Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-6451
Vulnerability from cvelistv5
Published
2020-01-28 14:56
Modified
2024-08-06 17:39
Summary
Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values.
References
▼ | URL | Tags |
---|---|---|
http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Wikimedia Foundation | MediaWiki |
Version: 1.19.9 before 1.19.10 Version: 1.2x before 1.21.4 Version: 1.22.x before 1.22.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:39:01.483Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MediaWiki", "vendor": "Wikimedia Foundation", "versions": [ { "status": "affected", "version": "1.19.9 before 1.19.10" }, { "status": "affected", "version": "1.2x before 1.21.4" }, { "status": "affected", "version": "1.22.x before 1.22.1" } ] } ], "datePublic": "2014-01-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values." } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-28T14:56:22", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-6451", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MediaWiki", "version": { "version_data": [ { "version_value": "1.19.9 before 1.19.10" }, { "version_value": "1.2x before 1.21.4" }, { "version_value": "1.22.x before 1.22.1" } ] } } ] }, "vendor_name": "Wikimedia Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html", "refsource": "MISC", "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-6451", "datePublished": "2020-01-28T14:56:22", "dateReserved": "2013-11-04T00:00:00", "dateUpdated": "2024-08-06T17:39:01.483Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-4572
Vulnerability from cvelistv5
Published
2020-02-06 14:40
Modified
2024-08-06 16:45
Summary
The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.wikimedia.org/show_bug.cgi?id=53032 | x_refsource_MISC | |
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html | x_refsource_MISC | |
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html | x_refsource_MISC | |
http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Wikimedia Foundation | MediaWiki |
Version: before 1.19.9 Version: 1.20.x before 1.20.8 Version: 1.21.x before 1.21.3 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:45:15.240Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=53032" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MediaWiki", "vendor": "Wikimedia Foundation", "versions": [ { "status": "affected", "version": "before 1.19.9" }, { "status": "affected", "version": "1.20.x before 1.20.8" }, { "status": "affected", "version": "1.21.x before 1.21.3" } ] } ], "datePublic": "2013-08-19T00:00:00", "descriptions": [ { "lang": "en", "value": "The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Other", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-06T14:40:13", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=53032" }, { "tags": [ "x_refsource_MISC" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4572", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MediaWiki", "version": { "version_data": [ { "version_value": "before 1.19.9" }, { "version_value": "1.20.x before 1.20.8" }, { "version_value": "1.21.x before 1.21.3" } ] } } ] }, "vendor_name": "Wikimedia Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Other" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=53032", "refsource": "MISC", "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=53032" }, { "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html", "refsource": "MISC", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html" }, { "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html", "refsource": "MISC", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html" }, { "name": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html", "refsource": "CONFIRM", "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4572", "datePublished": "2020-02-06T14:40:13", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:45:15.240Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }