RSS   Podatności dla 'Mediawiki botquery ext'   RSS

2012-01-08
 
CVE-2011-4361

CWE-264
 
 
MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ExtTab, and InlineEditor extensions.

 
 
CVE-2011-4360

CWE-264
 
 
MediaWiki before 1.17.1 allows remote attackers to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter.

 
2008-01-25
 
CVE-2008-0460

 
 
Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki 1.11 through 1.11.0rc1, 1.10 through 1.10.2, 1.9 through 1.9.4, and 1.8; and (2) the BotQuery extension for MediaWiki 1.7 and earlier; when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

 

 >>> Vendor: Mediawiki 12 Produkty
Mediawiki
Mediawiki botquery ext
Mediawik
Rssreader
Checkuser
Scribunto
Abusefilter
Visual editor
Mobilefrontend
Skin\
Shortdescription
Rss for mediawiki

Copyright 2024, cxsecurity.com

 

Back to Top