mediawiki vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the mediawiki package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • L
CVE-2024-34506

<1:1.35.13-1+deb11u2
  • M
Cross-site Scripting (XSS)

<1:1.35.13-1+deb11u3
  • M
CVE-2023-45362

<1:1.35.13-1~deb11u1
  • M
Cross-site Scripting (XSS)

<1:1.35.13-1~deb11u1
  • H
Loop with Unreachable Exit Condition ('Infinite Loop')

<1:1.35.13-1~deb11u1
  • H
Cross-site Scripting (XSS)

<1:1.35.13-1~deb11u1
  • M
CVE-2023-36674

<1:1.35.11-1~deb11u1
  • M
Cross-site Scripting (XSS)

<1:1.35.11-1~deb11u1
  • C
CVE-2023-29141

<1:1.35.11-1~deb11u1
  • H
Inefficient Regular Expression Complexity

<1:1.35.11-1~deb11u1
  • M
Incorrect Permission Assignment for Critical Resource

<1:1.35.11-1~deb11u1
  • M
Information Exposure

<1:1.35.8-1~deb11u1
  • M
CVE-2022-41767

<1:1.35.8-1~deb11u1
  • M
Cross-site Scripting (XSS)

<1:1.35.8-1~deb11u1
  • M
CVE-2022-34912

<1:1.35.8-1~deb11u1
  • H
Improper Cross-boundary Removal of Sensitive Data

<1:1.35.8-1~deb11u1
  • H
Information Exposure

<1:1.35.8-1~deb11u1
  • H
Improper Cross-boundary Removal of Sensitive Data

<1:1.35.8-1~deb11u1
  • H
Improper Cross-boundary Removal of Sensitive Data

<1:1.35.8-1~deb11u1
  • H
Reliance on Cookies without Validation and Integrity Checking

<1:1.35.8-1~deb11u1
  • M
Uncontrolled Recursion

<1:1.35.8-1~deb11u1
  • H
Release of Invalid Pointer or Reference

<1:1.35.8-1~deb11u1
  • M
Cross-site Scripting (XSS)

<1:1.35.8-1~deb11u1
  • M
Cross-site Scripting (XSS)

<1:1.35.8-1~deb11u1
  • H
Incorrect Default Permissions

<1:1.35.4-1+deb11u2
  • M
Information Exposure

<1:1.35.4-1+deb11u2
  • M
Missing Authorization

<1:1.35.4-1+deb11u2
  • M
CVE-2021-44854

<1:1.35.8-1~deb11u1
  • M
Improper Check for Unusual or Exceptional Conditions

<1:1.35.8-1~deb11u1
  • H
Allocation of Resources Without Limits or Throttling

<1:1.35.4-1~deb11u1
  • M
Allocation of Resources Without Limits or Throttling

<1:1.35.4-1~deb11u1
  • H
Incorrect Authorization

<1:1.35.4-1~deb11u1
  • M
Cross-site Scripting (XSS)

<1:1.35.4-1~deb11u1
  • H
Exposure of Resource to Wrong Sphere

<1:1.35.4-1~deb11u1
  • M
CVE-2021-30159

<1:1.35.2-1
  • M
Exposure of Resource to Wrong Sphere

<1:1.35.2-1
  • M
Incorrect Permission Assignment for Critical Resource

<1:1.35.2-1
  • M
Cross-site Scripting (XSS)

<1:1.35.2-1
  • M
Missing Authorization

<1:1.35.2-1
  • M
Cross-site Scripting (XSS)

<1:1.35.2-1
  • M
Improper Authentication

<1:1.35.2-1
  • M
Cross-site Scripting (XSS)

<1:1.35.2-1
  • H
CVE-2021-27291

<1:1.35.2-1
  • H
Loop with Unreachable Exit Condition ('Infinite Loop')

<1:1.35.2-1
  • M
Cross-site Scripting (XSS)

<1:1.35.1-1
  • M
Information Exposure

<1:1.35.1-1
  • M
Cross-site Scripting (XSS)

<1:1.35.1-1
  • H
Improper Encoding or Escaping of Output

<1:1.35.1-1
  • M
Improper Input Validation

<1:1.35.1-1
  • M
Cross-site Scripting (XSS)

<1:1.35.1-1
  • M
Cross-site Scripting (XSS)

<1:1.35.0-1
  • M
Cross-site Scripting (XSS)

<1:1.35.0-1
  • M
Cross-site Scripting (XSS)

<1:1.35.0-1
  • H
Improper Restriction of Excessive Authentication Attempts

<1:1.35.0-1
  • M
CVE-2020-25813

<1:1.35.0-1
  • M
Cross-site Scripting (XSS)

<1:1.35.0-1
  • L
Information Exposure

<1:1.31.8-1
  • M
Improper Encoding or Escaping of Output

<1:1.31.7-1
  • M
Open Redirect

<1:1.31.6-1
  • M
Information Exposure

<1:1.31.4-1
  • M
Cross-site Scripting (XSS)

<1:1.31.2-1
  • H
CVE-2019-12473

<1:1.31.2-1
  • H
Cross-site Request Forgery (CSRF)

<1:1.31.2-1
  • M
CVE-2019-12467

<1:1.31.2-1
  • M
Missing Authorization

<1:1.31.2-1
  • C
Missing Authentication for Critical Function

<1:1.31.2-1
  • M
Missing Authorization

<1:1.31.2-1
  • H
CVE-2019-12472

<1:1.31.2-1
  • H
CVE-2019-12474

<1:1.31.2-1
  • M
Cross-site Scripting (XSS)

<1:1.31.2-1
  • M
Improper Privilege Management

<1:1.31.1-1
  • M
Information Exposure Through Log Files

<1:1.31.1-1
  • M
Improper Authentication

<1:1.31.1-1
  • M
Cross-site Scripting (XSS)

<1:1.19.10+dfsg-1
  • L
Cross-site Scripting (XSS)

<1:1.19.8+dfsg-1
  • H
Session Fixation

<1:1.19.8+dfsg-2.2
  • H
Improper Input Validation

<1:1.19.4-1
  • H
Use of Hard-coded Credentials

<1:1.19.2-1
  • H
CVE-2017-0371

<1:1.27.2-1
  • M
Cross-site Scripting (XSS)

<1:1.19.5-1
  • H
Information Exposure

<1:1.19.4-1
  • L
Information Exposure

<1:1.15.5-6
  • M
Improper Input Validation

<1:1.27.2-1
  • H
Cross-site Request Forgery (CSRF)

<1:1.27.2-1
  • H
Exposure of Resource to Wrong Sphere

<1:1.27.2-1
  • M
Improper Input Validation

<1:1.27.2-1
  • M
Cross-site Scripting (XSS)

<1:1.27.2-1
  • M
Open Redirect

<1:1.27.2-1
  • C
Arbitrary Code Injection

<1:1.27.3-1
  • M
Open Redirect

<1:1.27.2-1
  • H
Information Exposure

<1:1.27.2-1
  • M
Incorrect Default Permissions

<1:1.27.2-1
  • M
Improper Input Validation

<1:1.27.2-1
  • M
Cross-site Scripting (XSS)

<1:1.27.4-1
  • C
Arbitrary Code Injection

<1:1.27.4-1
  • M
Improper Input Validation

<1:1.27.4-1
  • M
CVE-2017-8812

<1:1.27.4-1
  • H
Improper Input Validation

<1:1.27.4-1
  • H
Information Exposure

<1:1.27.4-1
  • H
Improper Input Validation

<1:1.27.4-1
  • M
Cross-site Scripting (XSS)

<1:1.19.2-1
  • M
Cross-site Scripting (XSS)

<1:1.19.2-1
  • M
Information Exposure

<1:1.19.2-1
  • M
Improper Access Control

<1:1.19.2-1
  • H
Improper Access Control

<1:1.19.2-1
  • H
Improper Access Control

<1:1.27.1-1
  • M
Cross-site Scripting (XSS)

<1:1.27.1-1
  • M
Improper Access Control

<1:1.27.1-1
  • H
Improper Access Control

<1:1.27.1-1
  • H
Information Exposure

<1:1.27.1-1
  • M
Cross-site Scripting (XSS)

<1:1.27.1-1
  • H
Information Exposure

<1:1.27.1-1
  • L
Cross-site Scripting (XSS)

<1:1.25.5-1
  • L
Cross-site Request Forgery (CSRF)

<1:1.25.5-1
  • L
Cross-site Request Forgery (CSRF)

<1:1.25.5-1
  • L
Credentials Management

<1:1.25.5-1
  • L
Improper Access Control

<1:1.25.5-1
  • L
Information Exposure

<1:1.25.5-1
  • M
Information Exposure

<1:1.25.5-1
  • L
Improper Access Control

<1:1.25.5-1
  • M
Resource Management Errors

<1:1.25.5-1
  • M
Resource Management Errors

<1:1.25.5-1
  • M
Access Restriction Bypass

<1:1.25.5-1
  • M
Cross-site Scripting (XSS)

<1:1.25.5-1
  • M
Information Exposure

<1:1.25.5-1
  • M
Information Exposure

<1:1.25.5-1
  • H
Cross-site Request Forgery (CSRF)

<1:1.25.5-1
  • L
Cross-site Scripting (XSS)

<1:1.19.20+dfsg-2.3
  • M
Cross-site Scripting (XSS)

<1:1.19.20+dfsg-2.3
  • M
Cross-site Scripting (XSS)

<1:1.19.20+dfsg-2.3
  • M
Resource Management Errors

<1:1.19.20+dfsg-2.3
  • M
Cross-site Request Forgery (CSRF)

<1:1.19.20+dfsg-2.3
  • M
Cross-site Scripting (XSS)

<1:1.19.20+dfsg-2.3
  • M
Cross-site Scripting (XSS)

<1:1.19.20+dfsg-2.3
  • M
Information Exposure

<1:1.19.20+dfsg-2.3
  • M
Cross-site Scripting (XSS)

<1:1.19.20+dfsg-2.3
  • M
Cross-site Scripting (XSS)

<1:1.19.20+dfsg-2.3
  • L
Resource Management Errors

<1:1.19.20+dfsg-2.3
  • M
Resource Management Errors

<1:1.19.20+dfsg-2.3
  • L
Cross-site Scripting (XSS)

<1:1.19.20+dfsg-2.2
  • H
Arbitrary Command Injection

<1:1.19.20+dfsg-2.1
  • L
Cross-site Scripting (XSS)

<1:1.19.20+dfsg-1
  • M
Cross-site Scripting (XSS)

<1:1.19.19+dfsg-1
  • M
Cross-site Request Forgery (CSRF)

<1:1.19.18+dfsg-0.1
  • M
Improper Input Validation

<1:1.19.18+dfsg-0.1
  • L
Cross-site Scripting (XSS)

<1:1.19.16+dfsg-1
  • M
CVE-2012-5391

<1:1.19.3-1
  • M
Cross-site Scripting (XSS)

<1:1.19.10+dfsg-1
  • H
Improper Input Validation

<1:1.19.10+dfsg-1
  • M
Information Exposure

<1:1.19.10+dfsg-1
  • M
Cross-site Scripting (XSS)

<1:1.19.10+dfsg-1
  • M
Improper Authentication

<1:1.19.14+dfsg-1
  • M
Race Condition

<1:1.19.12+dfsg-1
  • M
Cross-site Scripting (XSS)

<1:1.19.12+dfsg-1
  • M
Improper Input Validation

<1:1.19.11+dfsg-1
  • M
CVE-2013-4568

<1:1.19.8+dfsg-2.2
  • M
CVE-2013-4567

<1:1.19.8+dfsg-2.2
  • L
Access Restriction Bypass

<1:1.19.6-1
  • M
CVE-2013-2114

<1:1.19.7+dfsg-1
  • M
Cross-site Scripting (XSS)

<1:1.19.6-1
  • L
Information Exposure

<1:1.19.8+dfsg-1
  • M
Access Restriction Bypass

<1:1.19.8+dfsg-1
  • L
CVE-2012-4885

<1:1.19.0-1
  • M
Cross-site Scripting (XSS)

<1:1.15.5-9
  • M
Access Restriction Bypass

<1:1.15.5-9
  • M
Cross-site Scripting (XSS)

<1:1.19.1-1
  • M
Incorrect Default Permissions

<1:1.15.5-4
  • M
Information Exposure

<1:1.15.5-4
  • L
Improper Input Validation

<1:1.15.5-5
  • M
Cross-site Scripting (XSS)

<1:1.15.5-5
  • L
Information Exposure

<1:1.15.5-1
  • L
Cross-site Scripting (XSS)

<1:1.15.5-1
  • M
Improper Input Validation

<1:1.15.5-5
  • M
Cross-site Scripting (XSS)

<1:1.15.5-5
  • L
Cross-site Scripting (XSS)

<1:1.15.5-3
  • M
Improper Input Validation

<1:1.15.5-2
  • L
Cross-site Request Forgery (CSRF)

<1:1.15.4-1
  • L
Cross-site Scripting (XSS)

<1:1.15.4-1
  • L
Cross-site Request Forgery (CSRF)

<1:1.15.3-1
  • L
Access Restriction Bypass

<1:1.15.2-1
  • L
Improper Input Validation

<1:1.15.2-1
  • L
Cross-site Scripting (XSS)

<1:1.15.0-1.1
  • L
Cross-site Scripting (XSS)

<1:1.14.0-1
  • M
Cross-site Request Forgery (CSRF)

<1:1.13.3-1
  • L
Access Restriction Bypass

<1:1.13.3-1
  • L
Information Exposure

<1:1.13.3-1
  • L
Cross-site Scripting (XSS)

<1:1.13.3-1
  • M
Cross-site Scripting (XSS)

<1:1.13.3-1
  • L
Cross-site Scripting (XSS)

<1:1.13.2-1
  • M
Information Exposure

<1:1.11.2-1
  • L
Cross-site Scripting (XSS)

<1:1.11.1-1
  • L
Cross-site Scripting (XSS)

<1.10.2-1
  • M
Arbitrary Code Injection

<1.7.1-9
  • M
CVE-2007-1054

<1.7.1-9
  • L
CVE-2007-0894

<1:1.10
  • M
CVE-2007-0177

<1.7.1-6
  • M
CVE-2006-1498

<1.4.15-1
  • L
CVE-2006-0322

<1.4.15-1
  • M
CVE-2005-4501

<1.4.13-1
  • M
CVE-2005-3167

<1.4.11-1
  • M
CVE-2005-3165

<1.4.9
  • M
CVE-2005-3166

<1.4.11-1
  • M
CVE-2005-2396

<1.4.9
  • M
CVE-2005-2215

<1.4.9
  • M
CVE-2005-1888

<1.4.9
  • M
CVE-2005-0536

<1.4.9
  • M
CVE-2005-1245

<1.4.9
  • M
CVE-2005-0534

<1.4.9
  • H
CVE-2005-0535

<1.4.9
  • M
CVE-2004-2187

<1.4.9
  • H
CVE-2004-1405

<1.4.9
  • H
CVE-2004-2186

<1.4.9
  • M
CVE-2004-2185

<1.4.9
  • M
CVE-2004-2152

<1.4.9