Skip to main content
CVE-2014-9714 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the WddxPacket::recursiveAddVar function in HHVM (aka the HipHop Virtual Machine) before 3.5.0 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Hiphop Virtual Machine
NVD GitHub
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-2941 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-2931 MEDIUM POC PATCH This Month

Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-2940 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Checkuser
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2015-2935 MEDIUM PATCH This Month

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to bypass the SVG filtering and obtain sensitive user information via a mixed case @import in a style. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Mediawiki
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-0840 MEDIUM PATCH This Month

The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Debian Authentication Bypass Dpkg Ubuntu Linux
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-2939 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Scribunto
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-2938 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-2934 MEDIUM PATCH This Month

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle when the Zend interpreter xml_parse function does not expand entities, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-2933 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-2932 MEDIUM PATCH This Month

Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy