373 Total Results
Displaying 201-210 of 373
Attacker Value
Unknown
Special:Search allows redirects to any interwiki link
Disclosure Date: April 13, 2018 (last updated November 26, 2024)
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link.
0
Attacker Value
Unknown
Parameters injection in SyntaxHighlight results in multiple vulnerabilities
Disclosure Date: April 13, 2018 (last updated November 26, 2024)
Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.
0
Attacker Value
Unknown
api.log contains passwords in plaintext
Disclosure Date: April 13, 2018 (last updated November 26, 2024)
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext.
0
Attacker Value
Unknown
XSS in SearchHighlighter::highlightText() [requires non-default config]
Disclosure Date: April 13, 2018 (last updated November 26, 2024)
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations.
0
Attacker Value
Unknown
Special:UserLogin?returnto=interwiki:foo will redirect to external sites
Disclosure Date: April 13, 2018 (last updated November 26, 2024)
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites.
0
Attacker Value
Unknown
Spam blacklist ineffective on encoded URLs inside file inclusion syntax's link …
Disclosure Date: April 13, 2018 (last updated November 26, 2024)
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter.
0
Attacker Value
Unknown
SVG filter evasion using default attribute values in DTD declaration
Disclosure Date: April 13, 2018 (last updated November 26, 2024)
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw that allows evasion of the SVG filter using default attribute values in a DTD declaration.
0
Attacker Value
Unknown
Make rawHTML mode not apply to system messages
Disclosure Date: April 13, 2018 (last updated November 26, 2024)
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages.
0
Attacker Value
Unknown
Having LocalisationCache directory default to system tmp directory is insecure
Disclosure Date: April 13, 2018 (last updated November 26, 2024)
Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure.
0
Attacker Value
Unknown
"Mark all pages visited" on the watchlist does not require a CSRF token
Disclosure Date: April 13, 2018 (last updated November 26, 2024)
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token.
0