CVE Daily
← All tags

Tag: MediaWiki

All CVEs associated with "MediaWiki". Page 6/6 • 606 CVEs.

Subscribe CVEs: RSS for “MediaWiki”  ·  RSS (High+Critical only)

About “MediaWiki”

A curated feed of “MediaWiki”-related CVEs appears below. We currently track 606 CVEs for this tag (all time). In the last 365 days, 138 were published. Average CVSS is 5.9 (all time; 6.0 over 365d), and 22% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor, CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').

In our taxonomy this topic maps to a MODERATE impact class. CMS and plugins expand attack surface. Patch core, themes, and plugins, remove abandoned extensions, restrict admin access, enable WAF, and keep backups. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2005-02-22
High

CVE-2005-0535

Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users.

CVSS: 7.5 CWE: N/A View on NVD
2004-12-31
High

CVE-2004-1405

MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary c…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2004-2152

Cross-site scripting (XSS) vulnerability in 'raw' page output mode for MediaWiki 1.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2004-2185

Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via (1) the UnicodeConverter extension, (2) raw page view…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2004-2186

SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers to execute arbitrary SQL commands via SpecialMaintenance.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2004-2187

Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "filename validation," has unknown impact and attack vectors.

CVSS: 5.0 CWE: N/A View on NVD