Exposição de MediaWiki
Wikis33
score de exposição
22.129
sites usam
0
em exploração
0
críticos
CVEs
64 resultadosCVE-2017-0363—Special:UserLogin?returnto=interwiki:foo will redirect to external sitesEPSS 1.1%CVE-2013-6451—Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attaEPSS 1.1%CVE-2017-0362—"Mark all pages visited" on the watchlist does not require a CSRF tokenEPSS 0.8%CVE-2017-0361—api.log contains passwords in plaintextEPSS 0.5%CVE-2025-6927LOWAutoblocks from global account suppressions are publicly visibleEPSS 0.5%CVE-2025-6597NONEMediaWiki should not consider autocreation as login for the purposes of security reauthenticationEPSS 0.5%CVE-2025-6589LOWWith MultiBlocks enabled and a user who is suppressed via a MultiBlock, a user without 'hideuser' can see the hidden username in the BlockListEPSS 0.4%CVE-2025-6593LOW"{{SITENAME}} registered email address has been changed" email sent to unverified email addressesEPSS 0.4%CVE-2025-67484NONEAction API xslt option allows JavaScript execution by administrators who are not interface administratorsEPSS 0.4%CVE-2025-6591NONEHTML injection in API action=feedcontributions output from i18n messageEPSS 0.4%CVE-2025-3469NONEi18n XSS vulnerability in HTMLMultiSelectField when sections are usedEPSS 0.3%CVE-2025-32698LOWLogPager.php: Restriction enforcer functions do not correctly enforce suppression restrictionsEPSS 0.3%CVE-2025-6590MEDIUMComplete content leak of private wikis due to PasswordReset Wikitext injection in error messageEPSS 0.3%CVE-2025-32697NONECascading protection is not preventing file reversionsEPSS 0.3%CVE-2025-32700LOWAbuseFilter log interfaces expose global private and hidden filters when central DB is not availableEPSS 0.3%CVE-2025-32699LOWPotential javascript injection attack enabled by Unicode normalization in Action APIEPSS 0.3%CVE-2026-34091MEDIUMUser localization leaked by AbuseFilter + EventStreamEPSS 0.3%CVE-2026-34088LOWRecentChanges entries expose suppressed content via generated log page htmlEPSS 0.3%CVE-2025-32696NONE"reupload-own" restriction can be bypassed by reverting fileEPSS 0.3%CVE-2025-61634NONEHTML rest endpoint needs PoolCounter and proper parser cache checkEPSS 0.3%
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →