Vulnerabilities in Wikimedia Foundation

118 results
CVE-2013-4572 | The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cac | EPSS 2.1%
CVE-2013-4303 | includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does | EPSS 1.5%
CVE-2013-6455 | The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usern | EPSS 1.1%
CVE-2013-6451 | Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote atta | EPSS 1.1%
CVE-2025-53484 | CRITICAL | SecurePoll: Multiple locations vulnerable to Cross-Site Scripting (XSS) via unescaped input | EPSS 0.5%
CVE-2025-6597 | NONE | MediaWiki should not consider autocreation as login for the purposes of security reauthentication | EPSS 0.5%
CVE-2025-6927 | LOW | Autoblocks from global account suppressions are publicly visible | EPSS 0.5%
CVE-2025-6589 | LOW | With MultiBlocks enabled and a user who is suppressed via a MultiBlock, a user without 'hideuser' can see the hidden username in the BlockList | EPSS 0.4%
CVE-2026-0668 | MEDIUM | VisualData extension: Regular Expression Denial of Service (ReDoS) via crafted user input | EPSS 0.4%
CVE-2025-62665 | MEDIUM | Stored XSS through system messages in Skin:BlueSky | EPSS 0.4%
CVE-2025-53481 | HIGH | Denial of service vector on ipinfo/v0/norevision | EPSS 0.4%
CVE-2026-39838 | MEDIUM | ProofreadPage improperly sanitizes multiline styles using Sanitizer::checkCSS | EPSS 0.4%
CVE-2025-6593 | LOW | "{{SITENAME}} registered email address has been changed" email sent to unverified email addresses | EPSS 0.4%
CVE-2025-67484 | NONE | Action API xslt option allows JavaScript execution by administrators who are not interface administrators | EPSS 0.4%
CVE-2025-6591 | NONE | HTML injection in API action=feedcontributions output from i18n message | EPSS 0.4%
CVE-2025-6596 | NONE | Vector inserts portlet labels as HTML, allowing for stored XSS through system messages | EPSS 0.4%
CVE-2026-0669 | HIGH | Path Traversal vulnerability in CSS extension on certain web servers | EPSS 0.4%
CVE-2025-6926 | HIGH | Security Authentication Bypass in CentralAuth | EPSS 0.4%
CVE-2025-6592 | LOW | Creating a permanent account from a temporary account associates temp username and IP address with real username in AbuseLog | EPSS 0.4%
CVE-2025-61635 | NONE | Add rate limiting to ApiFancyCaptchaReload | EPSS 0.4%