mediawiki vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the mediawiki package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Uncontrolled Recursion	*
H Release of Invalid Pointer or Reference	*
M Cross-site Scripting (XSS)	*
H Incorrect Default Permissions	<1:1.27.7-1+deb9u11
L Improper Check for Unusual or Exceptional Conditions	*
H Allocation of Resources Without Limits or Throttling	<1:1.27.7-1~deb9u10
M Cross-site Scripting (XSS)	<1:1.27.7-1~deb9u10
H Exposure of Resource to Wrong Sphere	<1:1.27.7-1~deb9u10
M CVE-2021-30159	<1:1.27.7-1~deb9u8
M Incorrect Permission Assignment for Critical Resource	<1:1.27.7-1~deb9u8
M Missing Authorization	<1:1.27.7-1~deb9u8
M Improper Authentication	<1:1.27.7-1~deb9u8
H CVE-2021-27291	<1:1.27.7-1~deb9u8
H Loop with Unreachable Exit Condition ('Infinite Loop')	<1:1.27.7-1~deb9u8
M Cross-site Scripting (XSS)	<1:1.27.7-1~deb9u7
M Information Exposure	<1:1.27.7-1~deb9u7
M Improper Input Validation	<1:1.27.7-1~deb9u7
M Cross-site Scripting (XSS)	<1:1.27.7-1~deb9u4
M Cross-site Scripting (XSS)	<1:1.27.7-1~deb9u4
H Improper Restriction of Excessive Authentication Attempts	<1:1.27.7-1~deb9u4
M CVE-2020-25813	<1:1.27.7-1~deb9u4
L Information Exposure	<1:1.27.7-1~deb9u7
M Open Redirect	<1:1.27.7-1~deb9u3
M Information Exposure	<1:1.27.7-1~deb9u2
M Cross-site Scripting (XSS)	<1:1.27.7-1~deb9u1
H CVE-2019-12473	<1:1.27.7-1~deb9u1
H Cross-site Request Forgery (CSRF)	<1:1.27.7-1~deb9u1
M CVE-2019-12467	<1:1.27.7-1~deb9u1
M Missing Authorization	<1:1.27.7-1~deb9u1
C Missing Authentication for Critical Function	<1:1.27.7-1~deb9u1
M Missing Authorization	<1:1.27.7-1~deb9u1
H CVE-2019-12472	<1:1.27.7-1~deb9u1
H CVE-2019-12474	<1:1.27.7-1~deb9u1
M Cross-site Scripting (XSS)	<1:1.27.7-1~deb9u1
M Improper Privilege Management	<1:1.27.5-1~deb9u1
M Information Exposure Through Log Files	<1:1.27.5-1~deb9u1
M Improper Authentication	<1:1.27.5-1~deb9u1
M Cross-site Scripting (XSS)	<1:1.19.10+dfsg-1
L Cross-site Scripting (XSS)	<1:1.19.8+dfsg-1
H Session Fixation	<1:1.19.8+dfsg-2.2
H Improper Input Validation	<1:1.19.4-1
H Use of Hard-coded Credentials	<1:1.19.2-1
H CVE-2017-0371	<1:1.27.2-1
M Cross-site Scripting (XSS)	<1:1.19.5-1
H Information Exposure	<1:1.19.4-1
L Information Exposure	<1:1.15.5-6
L Information Exposure	*
H Cross-site Request Forgery (CSRF)	<1:1.27.2-1
H Information Exposure	<1:1.27.2-1
M Open Redirect	<1:1.27.2-1
M Cross-site Scripting (XSS)	<1:1.27.2-1
M Improper Input Validation	<1:1.27.2-1
H Exposure of Resource to Wrong Sphere	<1:1.27.2-1
M Improper Input Validation	<1:1.27.2-1
M Incorrect Default Permissions	<1:1.27.2-1
M Improper Input Validation	<1:1.27.2-1
M Open Redirect	<1:1.27.2-1
C Arbitrary Code Injection	<1:1.27.3-1
H Information Exposure	<1:1.27.4-1~deb9u1
M Cross-site Scripting (XSS)	<1:1.27.4-1~deb9u1
M Improper Input Validation	<1:1.27.4-1~deb9u1
M CVE-2017-8812	<1:1.27.4-1~deb9u1
C Arbitrary Code Injection	<1:1.27.4-1~deb9u1
H Improper Input Validation	<1:1.27.4-1~deb9u1
H Improper Input Validation	<1:1.27.4-1~deb9u1
M Cross-site Scripting (XSS)	<1:1.19.2-1
M Cross-site Scripting (XSS)	<1:1.19.2-1
M Improper Access Control	<1:1.19.2-1
M Information Exposure	<1:1.19.2-1
H Improper Access Control	<1:1.19.2-1
H Information Exposure	<1:1.27.1-1
M Improper Access Control	<1:1.27.1-1
H Improper Access Control	<1:1.27.1-1
H Improper Access Control	<1:1.27.1-1
M Cross-site Scripting (XSS)	<1:1.27.1-1
H Information Exposure	<1:1.27.1-1
M Cross-site Scripting (XSS)	<1:1.27.1-1
L Improper Access Control	<1:1.25.5-1
L Cross-site Request Forgery (CSRF)	<1:1.25.5-1
L Cross-site Scripting (XSS)	<1:1.25.5-1
L Cross-site Request Forgery (CSRF)	<1:1.25.5-1
L Credentials Management	<1:1.25.5-1
L Information Exposure	<1:1.25.5-1
L Improper Access Control	<1:1.25.5-1
M Resource Management Errors	<1:1.25.5-1
M Information Exposure	<1:1.25.5-1
M Access Restriction Bypass	<1:1.25.5-1
M Resource Management Errors	<1:1.25.5-1
M Information Exposure	<1:1.25.5-1
M Information Exposure	<1:1.25.5-1
M Cross-site Scripting (XSS)	<1:1.25.5-1
H Cross-site Request Forgery (CSRF)	<1:1.25.5-1
M Cross-site Request Forgery (CSRF)	<1:1.19.20+dfsg-2.3
M Information Exposure	<1:1.19.20+dfsg-2.3
M Resource Management Errors	<1:1.19.20+dfsg-2.3
M Cross-site Scripting (XSS)	<1:1.19.20+dfsg-2.3
M Cross-site Scripting (XSS)	<1:1.19.20+dfsg-2.3
M Cross-site Scripting (XSS)	<1:1.19.20+dfsg-2.3
M Resource Management Errors	<1:1.19.20+dfsg-2.3
M Cross-site Scripting (XSS)	<1:1.19.20+dfsg-2.3
L Cross-site Scripting (XSS)	<1:1.19.20+dfsg-2.3
M Cross-site Scripting (XSS)	<1:1.19.20+dfsg-2.3
L Resource Management Errors	<1:1.19.20+dfsg-2.3
M Cross-site Scripting (XSS)	<1:1.19.20+dfsg-2.3
L Cross-site Scripting (XSS)	<1:1.19.20+dfsg-2.2
H Arbitrary Command Injection	<1:1.19.20+dfsg-2.1
L Cross-site Scripting (XSS)	<1:1.19.20+dfsg-1
M Cross-site Scripting (XSS)	<1:1.19.19+dfsg-1
M Improper Input Validation	<1:1.19.18+dfsg-0.1
M Cross-site Request Forgery (CSRF)	<1:1.19.18+dfsg-0.1
L Cross-site Scripting (XSS)	<1:1.19.16+dfsg-1
M CVE-2012-5391	<1:1.19.3-1
H Improper Input Validation	<1:1.19.10+dfsg-1
M Cross-site Scripting (XSS)	<1:1.19.10+dfsg-1
M Cross-site Scripting (XSS)	<1:1.19.10+dfsg-1
M Information Exposure	<1:1.19.10+dfsg-1
M Improper Authentication	<1:1.19.14+dfsg-1
M Race Condition	<1:1.19.12+dfsg-1
M Cross-site Scripting (XSS)	<1:1.19.12+dfsg-1
M Improper Input Validation	<1:1.19.11+dfsg-1
M CVE-2013-4568	<1:1.19.8+dfsg-2.2
M CVE-2013-4567	<1:1.19.8+dfsg-2.2
M CVE-2013-2114	<1:1.19.7+dfsg-1
M Cross-site Scripting (XSS)	<1:1.19.6-1
L Access Restriction Bypass	<1:1.19.6-1
M Access Restriction Bypass	<1:1.19.8+dfsg-1
L Information Exposure	<1:1.19.8+dfsg-1
M Cross-site Scripting (XSS)	<1:1.15.5-9
L CVE-2012-4885	<1:1.19.0-1
M Access Restriction Bypass	<1:1.15.5-9
M Cross-site Scripting (XSS)	<1:1.19.1-1
M Incorrect Default Permissions	<1:1.15.5-4
M Information Exposure	<1:1.15.5-4
L Cross-site Scripting (XSS)	<1:1.15.5-1
M Improper Input Validation	<1:1.15.5-5
L Improper Input Validation	<1:1.15.5-5
M Cross-site Scripting (XSS)	<1:1.15.5-5
M Cross-site Scripting (XSS)	<1:1.15.5-5
L Information Exposure	<1:1.15.5-1
L Cross-site Scripting (XSS)	<1:1.15.5-3
M Improper Input Validation	<1:1.15.5-2
L Cross-site Request Forgery (CSRF)	<1:1.15.4-1
L Cross-site Scripting (XSS)	<1:1.15.4-1
L Cross-site Request Forgery (CSRF)	<1:1.15.3-1
L Access Restriction Bypass	<1:1.15.2-1
L Improper Input Validation	<1:1.15.2-1
L Cross-site Scripting (XSS)	<1:1.15.0-1.1
L Cross-site Scripting (XSS)	<1:1.14.0-1
L Access Restriction Bypass	<1:1.13.3-1
L Information Exposure	<1:1.13.3-1
L Cross-site Scripting (XSS)	<1:1.13.3-1
M Cross-site Scripting (XSS)	<1:1.13.3-1
M Cross-site Request Forgery (CSRF)	<1:1.13.3-1
L Cross-site Scripting (XSS)	<1:1.13.2-1
M Information Exposure	<1:1.11.2-1
L Cross-site Scripting (XSS)	<1:1.11.1-1
L Cross-site Scripting (XSS)	<1.10.2-1
M Arbitrary Code Injection	<1.7.1-9
M CVE-2007-1054	<1.7.1-9
L CVE-2007-0894	*
M CVE-2007-0177	<1.7.1-6
M CVE-2006-1498	<1.4.15-1
L CVE-2006-0322	<1.4.15-1
M CVE-2005-4501	<1.4.13-1
M CVE-2005-3165	<1.4.9
M CVE-2005-3167	<1.4.11-1
M CVE-2005-3166	<1.4.11-1
M CVE-2005-2396	<1.4.9
M CVE-2005-2215	<1.4.9
M CVE-2005-1888	<1.4.9
M CVE-2005-1245	<1.4.9
M CVE-2005-0534	<1.4.9
M CVE-2005-0536	<1.4.9
H CVE-2005-0535	<1.4.9
M CVE-2004-2187	<1.4.9
H CVE-2004-2186	<1.4.9
H CVE-2004-1405	<1.4.9
M CVE-2004-2185	<1.4.9
M CVE-2004-2152	<1.4.9